<!DOCTYPE html>



  


<html class="theme-next muse use-motion" lang="zh-Hans">
<head><meta name="generator" content="Hexo 3.8.0">
  <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">
















  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">







<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">

<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="Hexo, NexT">





  <link rel="alternate" href="/atom.xml" title="renhao" type="application/atom+xml">






<meta name="description" content="本文总结下https中的数字证书，浏览器如何验证，中间人攻击如何进行和防范">
<meta property="og:type" content="article">
<meta property="og:title" content="https 中的数字证书与中间人攻击">
<meta property="og:url" content="https://huangrenhao.gitee.io/2020/09/06/https-certificate/index.html">
<meta property="og:site_name" content="renhao">
<meta property="og:description" content="本文总结下https中的数字证书，浏览器如何验证，中间人攻击如何进行和防范">
<meta property="og:locale" content="zh-Hans">
<meta property="og:updated_time" content="2020-09-24T01:45:16.000Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="https 中的数字证书与中间人攻击">
<meta name="twitter:description" content="本文总结下https中的数字证书，浏览器如何验证，中间人攻击如何进行和防范">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Muse',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="https://huangrenhao.gitee.io/2020/09/06/https-certificate/">





  <title>https 中的数字证书与中间人攻击 | renhao</title>
  








<link rel="stylesheet" href="/css/prism-tomorrow.css" type="text/css"></head>

<body itemscope="" itemtype="http://schema.org/WebPage" lang="zh-Hans">
  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>

    <header id="header" class="header" itemscope="" itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">renhao</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br>
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br>
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
            
            归档
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="https://huangrenhao.gitee.io/2020/09/06/https-certificate/">

    <span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
      <meta itemprop="name" content="renhao">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="/images/avatar.gif">
    </span>

    <span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="renhao">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">https 中的数字证书与中间人攻击</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2020-09-06T11:38:29+08:00">
                2020-09-06
              </time>
            

            

            
          </span>

          
            <span class="post-category">
            
              <span class="post-meta-divider">|</span>
            
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope="" itemtype="http://schema.org/Thing">
                  <a href="/categories/http/" itemprop="url" rel="index">
                    <span itemprop="name">http</span>
                  </a>
                </span>

                
                
              
            </span>
          

          
            
              <span class="post-comments-count">
                <span class="post-meta-divider">|</span>
                <span class="post-meta-item-icon">
                  <i class="fa fa-comment-o"></i>
                </span>
                <a href="/2020/09/06/https-certificate/#comments" itemprop="discussionUrl">
                  <span class="post-comments-count valine-comment-count" data-xid="/2020/09/06/https-certificate/" itemprop="commentCount"></span>
                </a>
              </span>
            
          

          
          

          

          
            <div class="post-wordcount">
              
                
                <span class="post-meta-item-icon">
                  <i class="fa fa-file-word-o"></i>
                </span>
                
                  <span class="post-meta-item-text">字数统计&#58;</span>
                
                <span title="字数统计">
                  1.7k
                </span>
              

              
                <span class="post-meta-divider">|</span>
              

              
                <span class="post-meta-item-icon">
                  <i class="fa fa-clock-o"></i>
                </span>
                
                  <span class="post-meta-item-text">阅读时长 &asymp;</span>
                
                <span title="阅读时长">
                  6
                </span>
              
            </div>
          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <p>本文总结下https中的数字证书，浏览器如何验证，中间人攻击如何进行和防范<a id="more"></a></p>
<h3 id="https-中的握手过程"><a href="#https-中的握手过程" class="headerlink" title="https 中的握手过程"></a>https 中的握手过程</h3><ol>
<li><strong>协商加密算法</strong>：浏览器 A 向服务器发送浏览器的 ssl 版本号和一些可选的加密算法，B从中选择自己所支持的算法，并告知A</li>
<li><strong>服务器鉴别</strong>：服务器 B 向浏览器 A 发送包含其 RSA 公钥的数字证书，A 使用该证书的认证机构 CA 公开发布的 RSA 公钥对该证书进行验证</li>
<li><strong>会话秘钥计算</strong>：由浏览器 A 产生一个随机秘密数，用服务器 B 的 RSA 公钥进行加密后发送给 B，双方根据协商的算法产生共享的对称会话秘钥</li>
<li><strong>安全数据传输</strong>：双方用会话秘钥加密和解密它们之间传输的数据并验证其完整性</li>
</ol>
<h3 id="数字证书与-CA"><a href="#数字证书与-CA" class="headerlink" title="数字证书与 CA"></a>数字证书与 CA</h3><p>CA（数字证书颁发机构）不会直接向用户签发证书，在用户证书和CA的根证书Root CA（自己对自己进行签名验证）中间还有中间证书颁发机构，CA 可以通过 Root CA 来签发中间证书，授权中间证书颁发机构签发证书权限，中间证书颁发机构通过中间证书签发用户证书。多了中间证书是为了保护根证书，减少根证书被攻击甚至被破解的风险，因为一旦根证书不可信，该CA签发的所有证书都将无效。按常理来说中间证书越多，根证书越安全，但缺点就是根证书越多证书结构就越复杂，验证时需要的资源也就越多。<br>证书链就是按照从根证书经过层层中间证书，最后终于用户证书。证书链中每个证书的签名（加密密文），是上一层证书机构拿该证书机构的私钥对该证书内容（证书中的公钥、机构等）进行sha 得到的摘要进行加密后的密文。证书验证就是找到该证书签发机构的公钥，对证书中的密文进行解密得到加密前的摘要，然后将证书内容再做一遍 sha 得到摘要，比较这两个摘要是否匹配，如果匹配则说明证书合法。<br>每层证书都是通过这样的方式验证其是否合法，最后到CA根证书 Root CA，根证书被浏览器所信任，浏览器会内置绝大部分的CA证书链，因为CA是可信任的第三方机构，他们被 webTrust 信任，只有通过WebTrust国际安全审计认证的证书颁发机构CA，其签发的证书才会被各大浏览器信任。</p>
<h3 id="浏览器验证证书过程"><a href="#浏览器验证证书过程" class="headerlink" title="浏览器验证证书过程"></a>浏览器验证证书过程</h3><ol>
<li>浏览器拿到证书后，首先验证证书是否再有效期内，证书中会包含有效期的起始时间和结束时间</li>
<li>验证证书是否被吊销，有 CRL 和 OCSP<ul>
<li>CRL，证书吊销列表，已吊销的证书会被记录在其中。CA 会定期发布 CRL。<br>缺点有两个：<ul>
<li>可能会很大，下载麻烦（有增量 CRL 可以解决）</li>
<li>滞后性，就算证书被吊销了，也需要等 CRL 更新之后才能知道</li>
</ul>
</li>
<li>OCSP，在线证书状态检查协议，按标准发送请求验证证书状态，可以认为是实时。</li>
</ul>
</li>
<li>验证证书是否是上级 CA 签发，通过上级 CA 证书的信息进行层层验证，最后到根证书。如果没找到证书链，则判断这个证书非法。</li>
</ol>
<h3 id="中间人攻击"><a href="#中间人攻击" class="headerlink" title="中间人攻击"></a>中间人攻击</h3><p>mitm，Man-in-the-MiddleAttack，通过拦截正常的网络通信数据，并进行数据篡改和嗅探，而通信的双方却毫不知情</p>
<h4 id="如何发生"><a href="#如何发生" class="headerlink" title="如何发生"></a>如何发生</h4><ul>
<li>dns 欺骗：通过入侵 dns 服务器、控制路由器等把受害者要访问的目标机器域名对应的 ip 解析成攻击者所控制的机器，攻击者就可以进行监听或者修改数据。这种手法成功率不大，因为大部分用户的 dns 都是通过 isp 服务器完成的，即系统在接入网络时就会获取 isp 服务器提供的dns服务器地址</li>
<li>会话劫持：典型的攻击方式是通过 tcp/ip 协议工作原理进行，tcp 利用两种条件来确认每条已经建立连接的 tcp 通道，一是通过四元组（源 ip、源端口、目的 ip、目的端口），二是通过序号标识，发送序号 seq 和确认序号 ack，联系是 本次发送的 seq 是上次收到的 ack 序号，本次发送的 ack 是上次发送的 seq + 上次发送的 tcp 数据长度。知道这个规律后攻击者就可以在合法主机收到正确报文时发送伪造报文，如果该合法主机先收到攻击报文，就会收到欺骗将合法连接建立在攻击主机与被攻击主机之间。这种方式可以让攻击者绕过被攻击主机对访问者的身份验证和安全验证。但对话劫持要求通过 MAC 寻址 的网络环境，必要还要通过 arp 欺骗（只有局域网符合这两个条件）</li>
<li>代理服务器：工作模式就是典型的中间人攻击，可以窥探数据，或者在返回的报文中增加木马程序（如在返回的 html 中加一个 mime 攻击漏洞代码）</li>
</ul>
<h4 id="https-如何防范了中间人攻击？有何缺点"><a href="#https-如何防范了中间人攻击？有何缺点" class="headerlink" title="https 如何防范了中间人攻击？有何缺点"></a>https 如何防范了中间人攻击？有何缺点</h4><p>对于 dns 欺骗类型的网络攻击，这种中间人存在虽然可以将正常的请求导向攻击者，但只要攻击者没有包含目标网站的证书就可以在浏览器验证证书链中判断证书非法从而阻断导航。（攻击者为什么不拿目标网站的证书作为返回的证书呢？那就没有办法解密了，因为没有私钥）</p>
<h3 id="客户端场景"><a href="#客户端场景" class="headerlink" title="客户端场景"></a>客户端场景</h3><p>比如说银行 u 盾、支付宝这样的<br>这类证书就是用户自行导入的 Root CA证书，导入之后浏览器会信任该 Root CA 签署的中间证书，相当于开后门之类。如果 Root CA 没有很好的维护，比如发生私钥泄露，就会被攻击者盗用。所以对待自行导入的 Root CA 要慎重操作！</p>
<blockquote>
<p>参考资源<br><a href="https://www.zhihu.com/question/37370216" target="_blank" rel="noopener">知乎浏览器如何验证 https 证书的合法性</a><br><a href="https://www.cnblogs.com/hyddd/archive/2009/01/07/1371292.html" target="_blank" rel="noopener">浅谈数字证书</a><br><a href="https://www.cnblogs.com/lulianqi/p/10558719.html" target="_blank" rel="noopener">https 中间人攻击实例</a><br><a href="https://baike.baidu.com/item/%E4%B8%AD%E9%97%B4%E4%BA%BA%E6%94%BB%E5%87%BB/1739730?fr=aladdin#5" target="_blank" rel="noopener">百度百科：中间人攻击</a><br><a href="https://zhuanlan.zhihu.com/p/21383612" target="_blank" rel="noopener">为什么不应该安装 12306 的证书</a><br><a href="https://www.zhihu.com/question/22306245/answer/21002652" target="_blank" rel="noopener">支付宝偷偷添加根证书，将造成安全隐患</a></p>
</blockquote>

      
    </div>
    
    
    

    

    

    

    <footer class="post-footer">
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/2020/09/03/js-ajax-axios-fetch/" rel="next" title="js 与网络请求">
                <i class="fa fa-chevron-left"></i> js 与网络请求
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/2020/09/07/browser-performance-optimization/" rel="prev" title="前端性能及其优化">
                前端性能及其优化 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

  
    <div class="comments" id="comments">
    </div>
  



        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope="" itemtype="http://schema.org/Person">
            
              <p class="site-author-name" itemprop="name">renhao</p>
              <p class="site-description motion-element" itemprop="description"></p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/archives/">
              
                  <span class="site-state-item-count">94</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                <a href="/categories/index.html">
                  <span class="site-state-item-count">19</span>
                  <span class="site-state-item-name">分类</span>
                </a>
              </div>
            

            

          </nav>

          
            <div class="feed-link motion-element">
              <a href="/atom.xml" rel="alternate">
                <i class="fa fa-rss"></i>
                RSS
              </a>
            </div>
          

          

          
          

          
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#https-中的握手过程"><span class="nav-number">1.</span> <span class="nav-text">https 中的握手过程</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#数字证书与-CA"><span class="nav-number">2.</span> <span class="nav-text">数字证书与 CA</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#浏览器验证证书过程"><span class="nav-number">3.</span> <span class="nav-text">浏览器验证证书过程</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#中间人攻击"><span class="nav-number">4.</span> <span class="nav-text">中间人攻击</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#如何发生"><span class="nav-number">4.1.</span> <span class="nav-text">如何发生</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#https-如何防范了中间人攻击？有何缺点"><span class="nav-number">4.2.</span> <span class="nav-text">https 如何防范了中间人攻击？有何缺点</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#客户端场景"><span class="nav-number">5.</span> <span class="nav-text">客户端场景</span></a></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">renhao</span>

  
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-area-chart"></i>
    </span>
    
      <span class="post-meta-item-text">Site words total count&#58;</span>
    
    <span title="Site words total count">265.9k</span>
  
</div>


  <div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io">Hexo</a> 强力驱动</div>



  <span class="post-meta-divider">|</span>



  <div class="theme-info">主题 &mdash; <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next">NexT.Muse</a> v5.1.4</div>




        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  












  
  
    <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.4"></script>



  
  

  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  










  <script src="//cdn1.lncld.net/static/js/3.0.4/av-min.js"></script>
  <script src="//unpkg.com/valine/dist/Valine.min.js"></script>
  
  <script type="text/javascript">
    var GUEST = ['nick','mail','link'];
    var guest = 'nick,mail,link';
    guest = guest.split(',').filter(item=>{
      return GUEST.indexOf(item)>-1;
    });
    new Valine({
        el: '#comments' ,
        verify: false,
        notify: false,
        appId: '2P1xqUWiCoNm14MH4yhURlJi-gzGzoHsz',
        appKey: 'uJN0uagHIVgXtBO1OuLV9Ban',
        placeholder: 'Just go go',
        avatar:'mm',
        guest_info:guest,
        pageSize:'10' || 10,
    });
  </script>



  





  

  

  

  
  

  

  

  

</body>
</html>
